
Packet tunnel provider

Implement a VPN client for a packet-oriented, custom VPN protocol.

Overview

A virtual private network (VPN) is a form of network tunnel where a VPN client uses the public Internet to create a connection to a VPN server and then passes private network traffic over that connection. If you want to build a VPN client that implements a packet-oriented, custom VPN protocol, create a packet tunnel provider app extension.

When the system starts a VPN configuration that uses your packet tunnel provider, it performs the following steps:

  • Launches your app extension.

  • Instantiates your packet tunnel provider subclass within that app extension.

  • Starts forwarding packets to your provider.

Your provider should open a tunnel to a VPN server and send those packets over that tunnel. Similarly, if your provider receives packets from the tunnel, it should pass them back to the system.
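The following subclass sketches that two-way packet flow. It is an added example, not code from this documentation page. The class name, server host and port, the addresses, and the framing (one IP packet per DTLS datagram) are assumptions standing in for your own protocol.

```swift
import NetworkExtension
import Network
// Hypothetical provider; host, port, and addresses are placeholders.
final class PacketTunnelProvider: NEPacketTunnelProvider {
    private var connection: NWConnection?
    private let queue = DispatchQueue(label: "tunnel")

    override func startTunnel(options: [String: NSObject]?, completionHandler: @escaping (Error?) -> Void) {
        // Assumed transport: DTLS over UDP, so packets are encrypted on the public Internet.
        connection = NWConnection(host: "vpn.example.com", port: 4433, using: .dtls)
        connection?.start(queue: queue)
        // Tell the system which address and routes the virtual interface uses.
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "192.0.2.1")
        let ipv4 = NEIPv4Settings(addresses: ["10.8.0.2"], subnetMasks: ["255.255.255.0"])
        ipv4.includedRoutes = [NEIPv4Route.default()]  // route all IPv4 traffic into the tunnel
        settings.ipv4Settings = ipv4
        setTunnelNetworkSettings(settings) { [weak self] error in
            if error == nil {
                self?.readFromSystem()
                self?.readFromTunnel()
            }
            completionHandler(error)
        }
    }

    // System -> tunnel: each packet the system forwards becomes one datagram.
    private func readFromSystem() {
        packetFlow.readPackets { [weak self] packets, _ in
            for packet in packets {
                self?.connection?.send(content: packet, completion: .contentProcessed { _ in })
            }
            self?.readFromSystem()  // re-arm the read for the next batch
        }
    }

    // Tunnel -> system: hand received packets back, tagged by IP version.
    private func readFromTunnel() {
        connection?.receiveMessage { [weak self] data, _, _, error in
            guard let self, error == nil else { return }
            if let data, let first = data.first {
                let family = (first >> 4) == 6 ? AF_INET6 : AF_INET
                self.packetFlow.writePackets([data], withProtocols: [NSNumber(value: family)])
            }
            self.readFromTunnel()
        }
    }

    override func stopTunnel(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
        connection?.cancel()
        completionHandler()
    }
}
```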

Packet tunnel providers can run in destination IP mode or source-application mode. The latter is one form of per-app VPN (the other form is an App proxy provider).

For detailed information about packet tunnel provider deployment options, see TN3134: Network Extension provider deployment.

Topics

Essentials

Packet tunnel provider

Packet handling

VPN configuration

VPN control

See Also

Virtual private networks